Systems and methods of push-based verification of a transaction

Abstract

A system and method of implementing an API of an authentication service includes implementing a confirmation API, wherein the implementing includes: initiating a confirmation API request based on receiving an access request, wherein the confirmation API request operates to perform an authentication of a requestor making the access request; identifying the requestor based on a search of the requestor via the confirmation API; identifying, by one or more API endpoints of the remote authentication service: (i) a subscriber account of the subscriber maintained by the remote authentication service and (ii) identifying a user device of the requestor that is enrolled with the subscriber account based on the confirmation API request; transmitting a confirmation request to the user device; obtaining from the user device a response to the confirmation request and presenting the response to the confirmation request to the subscriber; and granting or denying the access request.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS[0001]This application claims the benefit of U.S. Provisional Application No. 62 / 776,641 filed 7 Dec. 2018, which is incorporated in its entirety by this reference.TECHNICAL FIELD[0002]This invention relates generally to the digital security services field, and more specifically to a new and useful system and method of notifying mobile devices to complete transactions in the digital security field.BACKGROUND[0003]Fraudulent transactions, whether executed online by a malicious party who has stolen a user's online banking password or offline by a malicious party entering a restricted building using a forged identification card, are indicators of a lack of authentication in present day security systems. Similarly, authorization (permission to complete a transaction) is limited without a strong notion of authentication. Traditionally, techniques for authentication are classified into several broad classes such as “what you know” (e.g., passwords or...

AI Technical Summary

Benefits of technology

The patent describes a method for implementing an application programming interface (API) for a remote security service. The method involves receiving an access request from a user and transmitting a user validation request to the remote security service. The user validation request includes information about the user and the user's device. The remote security service identifies the user and enrolled device and sends an authentication request to the user's device. The user's device collects a response to the authentication request and sends it back to the remote security service. The remote security service then sends the authentication request to the user's device in a short message service message. The method allows for secure authentication of users and can be used in both internal and external requestors.

Problems solved by technology

Fraudulent transactions, whether executed online by a malicious party who has stolen a user's online banking password or offline by a malicious party entering a restricted building using a forged identification card, are indicators of a lack of authentication in present day security systems.

Similarly, authorization (permission to complete a transaction) is limited without a strong notion of authentication.

However, many of these solutions are burdensome to users, requiring the user to remember information or carry extra devices to complete a transaction.

While the push-based authentication as implemented in modern security applications may typically be used to authenticate and / or authorize a user typically at login or at an access point, there is no current solution for authenticating and / or confirming authorization of ad-hoc requests from internal users of an enterprise for performing a sensitive operation or the like.

This deficiency is equally apparent with customers and / or external users to the enterprise.

Images